Juniper IP SERVICES - CONFIGURATION GUIDE V 11.1.X Configuration Manual page 174

JUNOSe 11.1.x IP Services Configuration Guide
ipsec transform-set
key
masked-key
148
Configuration Tasks
Use to create a transform set. Each transform in a set provides a different
combination of data authentication and confidentiality.
Transform sets used for manually configured tunnels can have one transform.
Transform sets used for signaled tunnels can have up to six transforms. The
actual transform used on the tunnel is negotiated with the peer. Transforms are
numbered in a priority sequence in the order in which you enter them.
To display the names of the transforms that you can use in a transform set, issue
the ipsec transform-set transformSetName ? command.
Example
host1(config)#ipsec transform-set espSet esp-3des-hmac-md5 esp-3des-null-auth
Use the no version to delete a transform set. You cannot remove a transform
set if a tunnel is referencing the transform set.
See ipsec transform-set.
Use to enter a manual preshared key.
Preshared keys can have up to 256 ASCII alphanumeric characters. To include
spaces in the key, enclose the key in quotation marks.
Example 1
host1(config-manual-key)#key dj5fe23owi8er49fdsa
Example 2
host1(config-manual-key)#key " my key with spaces"
There is no no version. To delete a key, use the no version of the ipsec key
manual command.
See key.
Use to enter the preshared key in masked form.
For security purposes, the router displays the key only in masked form. If you
delete the key or reboot the router to factory defaults, you can use this command
to reenter the key in its masked form so that the key is not visible while you
enter it.
To see the masked key, use the show config command.
Example
host1#show config
ipsec key manual pre-share 10.10.1.1
masked-key AAAAGAAAAAcAAAACfd+SAsaVQ6Qeopt2rJOP6LDg+0hX5cMO"
host1#configure terminal